1366 matches found
PYSA Emerges as Top Ransomware Actor in November
PYSA, which is also known by Mespinoza, has overtaken Conti as the top ransomware threat group for the month of November. It joined Lockbit, which has dominated the space since August. According to NCC Group’s November insights on the ransomware sector, PYSA increased its market share with a 50...
CVE-2022-23134
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. Recent assessments: Assessed Attacker Value: 0...
postgresql: libpq processes unencrypted bytes from man-in-the-middle
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...
postgresql: libpq processes unencrypted bytes from man-in-the-middle
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...
Exploit for Incorrect Default Permissions in Microsoft
Awesome Red Teaming List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point. Anyway, this is a living resources and will update regularly with latest Adversarial Tactics and Techniques based on Mitre ATT&CK You c...
PT-2022-11908 · Odyssey +1 · Odyssey +1
Name of the Vulnerable Software and Affected Versions: Odyssey affected versions not specified Description: The issue allows a man-in-the-middle attacker to inject false responses to the client's initial queries when Odyssey storage is configured to use the PostgreSQL server with specific...
UBUNTU-CVE-2021-3935
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1...
PT-2021-21257 · Apache · Apache Ozone
Name of the Vulnerable Software and Affected Versions: Apache Ozone versions prior to 1.2.0 Description: The issue allows authenticated users with permission to the key to retrieve initially generated block tokens from the metadata database. These tokens can be used even after access has been...
Early user can break addLiquidity
Handle WatchPug Vulnerability details uint256 totalLiquidityUnits = totalSupply; if totalLiquidityUnits == 0 liquidity = nativeDeposit; // TODO: Contact ThorChain on proper approach In the current implementation, the first liquidity takes the nativeDeposit amount and uses it directly. However,...
Citrix Workspace app for Windows fails with "Your Apps are not Available at this Time"
Configurations for Citrix Workspace app for Windows and SSON apply correctly to registry, but on intiial logon attempt, user receives the error "Your apps are not available at this time."...
UBUNTU-CVE-2021-23222
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...
openssh: Observable discrepancy leading to an information leak in the algorithm negotiation
A flaw was found in OpenSSH in versions 5.7 through 8.3, where an Observable Discrepancy occurs and leads to an information leak in the algorithm negotiation. This flaw allows a man-in-the-middle attacker to target initial connection attempts, where there is no host key for the server that has be...
Zebra2104 Initial Access Broker Supports Rival Malware Gangs, APTs
Three separate threat groups are all using a common initial access broker IAB to enable their cyberattacks, according to researchers – a finding that has revealed a tangled web of related attack infrastructure underpinning disparate and in some cases rival malware campaigns. The BlackBerry Resear...
Cross site request forgery (csrf)
Meross Smart Wi-Fi 2 Way Wall Switch MSS550X, on its 3.1.3 version and before, creates an open Wi-Fi Access Point without the required security measures in its initial setup. This could allow a remote attacker to obtain the Wi-Fi SSID as well as the password configured by the user from Meross app...
PT-2021-21854 · Meross · Meross Smart Wi-Fi 2 Way Wall Switch
Name of the Vulnerable Software and Affected Versions: Meross Smart Wi-Fi 2 Way Wall Switch MSS550X versions 3.1.3 and earlier Description: The issue allows a remote attacker to obtain the Wi-Fi SSID and the password configured by the user from the Meross app via an Http/JSON plain request. This ...
VulnCheck KEV: CVE-2020-5847
Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access...
Slingshot: Incorrect initial balance fetched for native token in executeTrades()
Handle hickuphh3 Vulnerability details Impact The executioner contract only supports ERC20ERC20 token trades. Native token swaps are supported by either wrapping / unwrapping the ERC20 wrapped native token before / after the trades respectively. When exchanging from the native token, the wrapping...
Incorrect calculation of initialBalance in Slingshot.executeTrades()
Handle daejunpark Vulnerability details Impact The Slingshot.executeTrades incorrectly calculates initialBalance when toToken == nativeToken. It should have been the balance of wrapped native tokens e.g., WETH, rather than that of native currencies e.g., Ether. This incorrect behavior introduces...
What is fileless malware?
Unlike traditional malware, which relies on a file being written to a disk, fileless malware is intended to be memory resident only, ideally leaving no trace after its execution. The malicious payload exists in the computer’s memory, which means nothing is ever written directly to the hard drive...
CVE-2021-38459 AUVESY Versiondog
The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user...